I get that, but surely you have to provide a reasonable amount of time for patches to be installed. Perhaps a 2-part blog entry, where he gives general details (to instill urgency) and then release exploit code a month later?
If he published because Apple just patched, then I agree. If he published because he said he was going to disclose it at a certain time, then I think it's Apple's fault for dragging their feet. 6 months is an eternity.
